IACR News item: 25 May 2015
Yonglin Hao, Hongbo Yu
ePrint Report: We find that the wide-pipe MD structural LSH hash functions do not apply the traditional feeding forward operation.
This structural weakness enables us to launch free-start collision and pseudo-preimage attacks on full-round LSH hash functions with negligible complexities.
In order to evaluate the quality of the LSH round functions, we launch 14-round boomerang attacks on LSH-512 and LSH-256 hash functions with complexities $2^{308}$ and $2^{242}$ respectively.
We verify the correctness of our boomerang attacks by giving practical 11-round boomerang quartets.
These boomerang results indicate that the round functions of LSH are well designed.
Based on our analysis, we stress that adopting the feeding forward operation is essential for the LSH hash functions despite their well-designed round functions.
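To illustrate the structural point above, here is an added toy example (not code from the paper, and not the LSH specification): a compression function built from an invertible, message-keyed permutation. Without feed-forward of the chaining value, one inversion of the permutation yields a pseudo-preimage and two inversions yield a free-start collision; with a Davies-Meyer style feed-forward the same pairs no longer collide. The permutation, the Davies-Meyer variant, and the sample values are all hypothetical and constructed; LSH's message expansion and finalization are omitted.

```python
MASK = (1 << 32) - 1

def rotl(x, r):
    return ((x << r) | (x >> (32 - r))) & MASK

def rotr(x, r):
    return ((x >> r) | (x << (32 - r))) & MASK

def xor(u, v):
    return tuple(x ^ y for x, y in zip(u, v))

def perm(state):
    """Toy invertible ARX mixing on four 32-bit words (stands in for a round function)."""
    a, b, c, d = state
    for _ in range(4):
        a = (a + b) & MASK; d = rotl(d ^ a, 16)
        c = (c + d) & MASK; b = rotl(b ^ c, 12)
    return (a, b, c, d)

def perm_inv(state):
    """Exact inverse of perm: undo each step in reverse order."""
    a, b, c, d = state
    for _ in range(4):
        b = rotr(b, 12) ^ c; c = (c - d) & MASK
        d = rotr(d, 16) ^ a; a = (a - b) & MASK
    return (a, b, c, d)

def compress_no_ff(h, m):
    """Chaining value h, message block m, no feed-forward (the structural weakness)."""
    return perm(xor(h, m))

def compress_ff(h, m):
    """Same permutation with a Davies-Meyer style feed-forward of h."""
    return xor(perm(xor(h, m)), h)

def pseudo_preimage(target, m):
    """Without feed-forward the chaining input is recovered by a single inversion."""
    return xor(perm_inv(target), m)

def free_start_collision(target, m1, m2):
    """Two distinct (h, m) pairs that both compress to target, for m1 != m2."""
    return (pseudo_preimage(target, m1), m1), (pseudo_preimage(target, m2), m2)

# Constructed sample values (hypothetical, not taken from the paper).
TARGET = (0x01234567, 0x89ABCDEF, 0xFEDCBA98, 0x76543210)
M1 = (1, 2, 3, 4)
M2 = (5, 6, 7, 8)

if __name__ == "__main__":
    (h1, m1), (h2, m2) = free_start_collision(TARGET, M1, M2)
    print("no feed-forward, collide:", compress_no_ff(h1, m1) == compress_no_ff(h2, m2))
    print("with feed-forward, collide:", compress_ff(h1, m1) == compress_ff(h2, m2))
```

With feed-forward the output becomes target XOR h, so the two inverted chaining values give different digests and the inversion trick no longer produces a collision.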
The PMD structural SHA-V parallelizes two SHA-1-like streams and each stream processes independent 512-bit message blocks.
This structure enables us to use a divide-and-conquer strategy to find preimages and collisions.
Our preimage attack can be applied to full-round SHA-V with time and memory complexities $O(2^{80})$.
Our trivial collision attack also requires $O(2^{80})$ complexity but, utilizing existing results on SHA-1, we can find a SHA-V collision with a time complexity $O(2^{61})$ and a negligible memory complexity.
These results indicate that there are weaknesses in both the structure and the round function of SHA-V.